Back to skill
Skillv1.0.2
ClawScan security
backtrader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 23, 2026, 10:02 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper around the Backtrader Python library and its docs; its requirements and instructions are consistent with that purpose and do not request extra credentials or unusual system access.
- Guidance
- This skill appears to be documentation and examples for the open-source Backtrader Python library and is internally consistent. Before installing or running: (1) verify you trust the package source (pip will fetch code from PyPI or the network); (2) run installs in an isolated virtualenv or container to avoid impacting your system Python environment; (3) if you intend to connect real broker accounts later, be cautious and never paste secrets into tools that don't explicitly require them; (4) note minor metadata inconsistencies in included files (version/owner strings differ across files) — these are not harmful but you may want to confirm the upstream project/repository and package version you intend to use.
Review Dimensions
- Purpose & Capability
- okName/description (Backtrader backtesting framework) match the included docs, examples, and the single demo script. Required binary python3 and the suggested pip installs (backtrader, matplotlib) are appropriate for the stated functionality.
- Instruction Scope
- okSKILL.md contains documentation and code examples limited to loading data, defining strategies, and running backtests. It does not instruct reading unrelated files, accessing external endpoints beyond typical pip installs, or exfiltrating data.
- Install Mechanism
- okThere is no automated install spec; SKILL.md advises standard pip installs (backtrader, matplotlib). This is a low-risk, expected install path for a Python library. Network/package install risks are normal for pip-installed packages.
- Credentials
- okThe skill declares no environment variables, no credentials, and no config paths. The runtime instructions do not reference secrets or unrelated environment data.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent system privileges. Autonomous invocation is allowed (platform default) but not combined with any broad credential or persistence requests.